---
name: ossf-scorecard
on:
  schedule:
  - cron: '20 7 * * 2'
  push:
    branches:
    - 'main'
permissions: read-all
jobs:
  analysis:
    name: Scorecard analysis
    runs-on: ubuntu-latest
    permissions:
      # Needed to publish result and generate a badge.
      id-token: write
      # Needed to upload the results to code-scanning dashboard.
      security-events: write
      contents: read
      actions: read
    steps:
    - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3  # v3.5.0
    - uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86  # v2.1.2
      with:
        publish_results: true
        results_file: results.sarif
        results_format: sarif
    - uses: github/codeql-action/upload-sarif@04df1262e6247151b5ac09cd2c303ac36ad3f62b  # v2.2.9
      with:
        sarif_file: results.sarif
